US2008196099A1PendingUtilityA1
Systems and methods for detecting and blocking malicious content in instant messages
Est. expiryJun 10, 2022(expired)· nominal 20-yr term from priority
Inventors:Vijnan Shastri
H04L 41/0894H04L 51/04H04L 51/212H04L 69/163H04L 63/0227H04L 63/0281H04L 63/102H04L 69/16H04L 63/1441H04L 63/1408
43
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A protocol management system comprises a gateway configured to receive all instant message traffic flowing into and out of a local network and a security module configured to check each instant message coming into the local network via the gateway, determine whether the instant message includes a URL, if so determine whether the URL is in a blacklist and send a challenge to a sender associated with the instant message when it is determined that the URL is not in the blacklist.
Claims
exact text as granted — not AI-modified1 . A protocol management system coupled with a local network, the local network interfaced with an external network, the protocol management system comprising:
a gateway configured to receive all instant message traffic flowing into and out of the local network; a blacklist comprising a list of links; a security module configured to check each instant message coming into the local network via the gateway, determine whether the instant message includes a Universal Resource Locator (URL), if so determine whether the URL is in the blacklist and send a challenge to a sender associated with the instant message when it is determined that the URL is not in the blocklist.
2 . The protocol management system of claim 1 , further comprising an allow list, and wherein the security module is further configured to determine whether the URL is in the allow list or the blacklist before sending a challenge to the sender.
3 . The protocol management system of claim 1 , wherein the security module is configured to deliver the instant message to an associated recipient when the sender responds to the challenge appropriately.
4 . The protocol management system of claim 1 , wherein the security module is further configured to add the URL to the blacklist if the sender does not respond to the challenge appropriately.
5 . The protocol management system of claim 1 , wherein the security module is further configured to add the URL to the blacklist if the sender does not respond to the challenge in a certain amount of time.
6 . The protocol management system of claim 1 , further comprising an enforcer module, wherein the security module is further configured to forward the URL to the enforcer module if the sender does not respond to the challenge appropriately, and wherein the enforcer module is configured to block any connection from the local network to the URL.
7 . The protocol management system of claim 1 , wherein the security module is configured to generate an alert when the sender does not respond to the challenge appropriately.
8 . The protocol management system of claim 1 , wherein the security module is further configured to determine whether the rate of instant messages comprising a URL is above a threshold before sending a challenge.
9 . The protocol management system of claim 1 , wherein the gateway is configured to extract a URL from a hyperlink included in an instant message and make it visible to a recipient.
10 . The protocol management system of claim 1 , further comprising a database configured to store messages received by the gateway, and wherein the security module is configured to analyze the messages stored in the database for suspicious message patterns.
11 . A protocol management system coupled with a local network, the local network interfaced with an external network, the protocol management system comprising:
a gateway configured to receive all instant message traffic flowing into and out of the local network; a blacklist comprising a list of links; a security module configured to determine whether the rate of instant messages being received by the gateway and comprising a Universal Resource Locator (URL) is above a threshold and to send a challenge to a sender associated with an instant message comprising URL when it is determined that the threshold has been exceeded.
12 . The protocol management system of claim 11 , wherein the security module is further configured to determine if the URL is included in the blacklist before sending the challenge.
13 . The protocol management system of claim 11 , further comprising an allow list, wherein the security module is further configured to determine if the URL is included in the allow list before sending the challenge.
14 . The protocol management system of claim 11 , wherein the security module is configured to deliver the instant message to an associated recipient when the sender responds to the challenge appropriately.
15 . The protocol management system of claim 11 , wherein the security module is further configured to add the URL to the blocklist if the sender does not respond to the challenge appropriately.
16 . The protocol management system of claim 11 , wherein the security module is further configured to add the URL to the blocklist if the sender does not respond to the challenge in a certain amount of time.
17 . The protocol management system of claim 11 , further comprising an enforcer module, wherein the security module is further configured to forward the URL to the enforcer module if the sender does not respond to the challenge appropriately, and wherein the enforcer module is configured to block any connection from the local network to the URL.
18 . The protocol management system of claim 11 , wherein the security module is configured to generate an alert when the sender does not respond to the challenge appropriately.
19 . The protocol management system of claim 11 , wherein the gateway is configured to extract a URL from a hyperlink included in an instant message and make it visible to a recipient.
20 . The protocol management system of claim 11 , further comprising a database configured to store messages received by the gateway, and wherein the security module is configured to analyze the messages stored in the database for suspicious message patterns.
21 . A method for detecting and blocking malicious content in instant messages comprising:
receiving an instant message; determining if the instant comprises a Universal Resource Locator (URL); if so, determining whether the URL is in the blacklist; sending a challenge to a sender associated with the instant message when it is determined that the URL is not in the blocklist.
22 . The method of claim 21 , further comprising determining whether the URL is in an allow list or the blacklist before sending a challenge to the sender.
23 . The method of claim 21 , further comprising receiving a response to the challenge from the sender and delivering the instant message to an associated recipient when the sender responds to the challenge appropriately.
24 . The method of claim 21 , further comprising adding the URL to the blocklist if the sender does not respond to the challenge appropriately.
25 . The method of claim 21 , wherein further comprising adding the URL to the blocklist if the sender does not respond to the challenge in a certain amount of time.
26 . The method of claim 1 , further comprising blocking any connection to the URL.
27 . The method of claim 21 , further comprising generating an alert when the sender does not respond to the challenge appropriately.
28 . The method of claim 21 , further comprising determining whether the rate of instant messages comprising a URL is above a threshold before sending a challenge.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.